d_barszczak Posted June 9, 2009 Share Posted June 9, 2009 Hi all, Hoping someone can help me here. I currently have a web server that hosts my customers websites. At the moment the only sites hosted are ones that have been developed by my company. I would like to offer a hosting package but am worried about security with php. I don't want my users to access files outside their hosting directory via php as it usually allows full access to the system. Do you know any ways of restricting php like this? Its a Ubuntu Server running php and mysql. The server hosts apache virtual hosts. Thanks in advance!! Quote Link to comment https://forums.phpfreaks.com/topic/161582-become-a-web-host/ Share on other sites More sharing options...
ldougherty Posted June 9, 2009 Share Posted June 9, 2009 You want to enable open_basedir in php.ini so that your users can not access any files outside of their home directory that are not specified in their include path. Quote Link to comment https://forums.phpfreaks.com/topic/161582-become-a-web-host/#findComment-852702 Share on other sites More sharing options...
nickthrolson Posted June 13, 2009 Share Posted June 13, 2009 You can also CHMOD so people cant see the files php.ini file will work too Quote Link to comment https://forums.phpfreaks.com/topic/161582-become-a-web-host/#findComment-855215 Share on other sites More sharing options...
trq Posted June 14, 2009 Share Posted June 14, 2009 If you seriously asking how to do this and worried about the consequences of not doing it then it is likely you are not ready to host other peoples websites. Running a server is a full time job when its done properly. Quote Link to comment https://forums.phpfreaks.com/topic/161582-become-a-web-host/#findComment-855279 Share on other sites More sharing options...
d_barszczak Posted June 15, 2009 Author Share Posted June 15, 2009 Thanks for the info. I fully understand that hosting a web server is a full time job and that I should not be offering a managed hosting service if I am unsure of the security complications. This is the reason why I currently only host websites designed by myself on a very secure and reliable setup. I though asking the question in a PHP support forum may be a good start. I will under no circumstances start running a managed hosting service until I can guarantee my users security. This question was just to point me in the correct direction of further research. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/161582-become-a-web-host/#findComment-856060 Share on other sites More sharing options...
AtomicRax Posted June 17, 2009 Share Posted June 17, 2009 Have you looked at suPHP? Quote Link to comment https://forums.phpfreaks.com/topic/161582-become-a-web-host/#findComment-857694 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.